Univention Bugzilla – Bug 40195
UCS400: Removing ACLs on shared folder objects does not remove ACLs in IMAP
Last modified: 2016-01-20 13:44:35 CET
This has to be backported for UCS 4.0.

+++ This bug was initially created as a clone of Bug #40194 +++

When removing an ACL at a shared folder object, the ACL will not be removed from the IMAP folder. The last configured permission for that user/group is kept.
IMAP ACLs were only removed on "public" shared folders. The same code for diff'ing old and new ACLs is now also used for "private" shared folders.

Code: 66356
YAML: 66360
OK: code change
OK: functional test
OK: YAML (reworded description → r66895)

Check old package version:

# eval "$(ucr shell)"
# udm mail/folder create --position "cn=mail,$ldap_base" --set name=FolderPriv1 --set mailDomain=nstx.local --set mailHomeServer=master90.nstx.local
Object created: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -A FolderPriv1@nstx.local/INBOX
Username ID Global Rights
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --append sharedFolderUserACL="mail2@nstx.local read"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
user=mail2@nstx.local lookup read write write-seen
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --remove sharedFolderUserACL="mail2@nstx.local read"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --append sharedFolderGroupACL="grp3 append"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights
group=grp3 insert lookup post read write write-seen
# udm mail/folder modify --dn cn=FolderPriv1@nstx.local,cn=mail,$ldap_base --remove sharedFolderGroupACL="grp3 append"
Object modified: cn=FolderPriv1@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local FolderPriv1@nstx.local/INBOX
ID Global Rights

# eval "$(ucr shell)"
# udm mail/folder create --position "cn=mail,$ldap_base" --set name=FolderPub2 --set mailPrimaryAddress=pub2@nstx.local --set mailDomain=nstx.local --set mailHomeServer=master90.nstx.local
Object created: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
# udm mail/folder modify --dn cn=FolderPub2@nstx.local,cn=mail,$ldap_base --append sharedFolderUserACL="mail3@nstx.local append" --append sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen
# udm mail/folder modify --dn cn=FolderPub2@nstx.local,cn=mail,$ldap_base --remove sharedFolderUserACL="mail3@nstx.local append"
Object modified: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen ←←←←←←←←←← FAIL IN OLD VERSION
# udm mail/folder modify --dn cn=FolderPub2@nstx.local,cn=mail,$ldap_base --remove sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub2@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub2@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen ←←←←←←←←←← FAIL IN OLD VERSION
user=mail3@nstx.local insert lookup post read write write-seen ←←←←←←←←←← FAIL IN OLD VERSION
#

Check new package version:

# udm mail/folder create --position "cn=mail,$ldap_base" --set name=FolderPub3 --set mailPrimaryAddress=pub3@nstx.local --set mailDomain=nstx.local --set mailHomeServer=master90.nstx.local
Object created: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
# udm mail/folder modify --dn cn=FolderPub3@nstx.local,cn=mail,$ldap_base --append sharedFolderUserACL="mail3@nstx.local append" --append sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=loca
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen
# udm mail/folder modify --dn cn=FolderPub3@nstx.local,cn=mail,$ldap_base --remove sharedFolderUserACL="mail3@nstx.local append"
Object modified: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
group=grp4 lookup read write write-seen
# udm mail/folder modify --dn cn=FolderPub3@nstx.local,cn=mail,$ldap_base --remove sharedFolderGroupACL="grp4 read"
Object modified: cn=FolderPub3@nstx.local,cn=mail,dc=nstx,dc=local
# doveadm acl get -u mail1@nstx.local shared/pub3@nstx.local
ID Global Rights
#
<http://errata.software-univention.de/ucs/4.0/388.html>
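The check done by hand in the QA transcript above, comparing the ACLs configured on the directory object with what `doveadm acl get` reports, can be automated to find folders where a revoked permission is still enforced by IMAP. This is an added example, not part of the bug report or of Univention's code; the function names are hypothetical, only the `read` and `append` levels seen in the transcript are mapped, and it assumes user and group identifiers contain no whitespace.

```python
# Added example, not Univention code. Rights per level are copied from the
# doveadm output in this report; other UDM levels are deliberately not mapped.
RIGHTS = {
    "read": {"lookup", "read", "write", "write-seen"},
    "append": {"insert", "lookup", "post", "read", "write", "write-seen"},
}

# doveadm output from the old package after mail3's ACL was removed in UDM
# (copied from the transcript above, line breaks restored).
OLD_PACKAGE_OUTPUT = """ID Global Rights
group=grp4 lookup read write write-seen
user=mail3@nstx.local insert lookup post read write write-seen
"""


def expected_acls(user_acls, group_acls):
    """Turn UDM values such as 'grp4 read' into {imap_identifier: rights}."""
    expected = {}
    for prefix, values in (("user", user_acls), ("group", group_acls)):
        for value in values:
            name, level = value.rsplit(" ", 1)
            expected[f"{prefix}={name}"] = RIGHTS[level]
    return expected


def parse_doveadm_acl(output):
    """Parse `doveadm acl get -u` rows; only user=/group= IDs are kept."""
    actual = {}
    for line in output.splitlines():
        fields = line.split()
        if fields and fields[0].startswith(("user=", "group=")):
            actual[fields[0]] = set(fields[1:])
    return actual


def audit(user_acls, group_acls, doveadm_output):
    """Compare the directory's ACLs with what the IMAP server enforces."""
    expected = expected_acls(user_acls, group_acls)
    actual = parse_doveadm_acl(doveadm_output)
    shared = expected.keys() & actual.keys()
    return {
        "stale": sorted(actual.keys() - expected.keys()),
        "missing": sorted(expected.keys() - actual.keys()),
        "mismatch": sorted(k for k in shared if expected[k] != actual[k]),
    }


if __name__ == "__main__":
    # LDAP now holds only the group ACL, so the user entry is reported stale.
    print(audit([], ["grp4 read"], OLD_PACKAGE_OUTPUT))
```

A non-empty `stale` list is the condition this bug produced: access that was revoked in the directory but is still granted by the mail server.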